GDPR Compliance

Last updated: January 2024

Mountain Prism respects the privacy rights of individuals in the European Union under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and explains your rights as an EU resident.

Data Controller

Mountain Prism acts as the data controller for personal information collected through our website and services. Our contact details are:

Mountain Prism
47 Riverside Drive
Meadowbrook QLD 4131
Australia
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent: When you voluntarily submit information through our contact forms or subscribe to communications
• Contract: When processing is necessary to fulfil our service agreements with you
• Legitimate Interest: When processing is necessary for our legitimate business interests, provided these do not override your rights
• Legal Obligation: When we are required to process data to comply with applicable laws

Your GDPR Rights

As an EU resident, you have the following rights under GDPR:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data under certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

International Data Transfers

As an Australian business, we may transfer your data outside the European Economic Area. When we do, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law. Typical retention periods include:

• Customer records: 7 years from last service
• Marketing consent records: Until consent is withdrawn
• Website analytics: 26 months

Data Protection Officer

For GDPR-related enquiries, please contact our designated data protection contact at [email protected].

Supervisory Authority

If you are unsatisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]

We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, and we will inform you of any such extension.